elastic / kibana


[Security Solution] Misleading prevalence tab #164954

Closed MadameSheema closed 11 months ago

MadameSheema commented 1 year ago
[Screenshot 2023-08-28 at 11 12 21]

After taking a look at the above screenshot, I initially thought that we had an issue because the document count was displayed as 0. After syncing with @PhilippeOberti, he explained to me that:

alert count => documents with the highlighted field key/value pair that have event.kind === signal
document count => documents with the highlighted field key/value pair that have event.kind !== signal

I believe the way we present the information might be a bit misleading since an alert is a document in our .alerts index, so for instance, in this specific case, I was expecting to see 1.
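The two counters as described in the comment above, as an added example that is not Kibana's own code: a local model of the split on `event.kind`, plus the shape of the two Elasticsearch bool queries such a split implies (the query shape is an assumption about how one could express it, not the Security Solution's actual request), run over constructed sample documents that reproduce the "1 alert, 0 documents" case from the screenshot.

```python
# Added example (not Kibana code). Field paths follow ECS naming as used in
# the issue (event.kind); the sample documents and query shapes are constructed.
from typing import Any, Dict, Iterable, List


def get_path(doc: Dict[str, Any], path: str) -> Any:
    """Resolve a dotted field path such as 'event.kind' against a nested dict."""
    cur: Any = doc
    for part in path.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def prevalence_counts(docs: Iterable[Dict[str, Any]], field: str, value: Any) -> Dict[str, int]:
    """Count documents carrying field == value, split as the issue describes:
    alert count    -> event.kind == 'signal'
    document count -> event.kind != 'signal' (docs with no event.kind land here too)."""
    alerts = documents = 0
    for doc in docs:
        if get_path(doc, field) != value:
            continue  # not a match for the highlighted key/value pair
        if get_path(doc, "event.kind") == "signal":
            alerts += 1
        else:
            documents += 1
    return {"alert_count": alerts, "document_count": documents}


def prevalence_queries(field: str, value: Any) -> Dict[str, Dict[str, Any]]:
    """Assumed Elasticsearch bool queries expressing the same two counters."""
    match_pair = {"term": {field: value}}
    is_signal = {"term": {"event.kind": "signal"}}
    return {
        "alert_count": {"bool": {"filter": [match_pair, is_signal]}},
        "document_count": {"bool": {"filter": [match_pair], "must_not": [is_signal]}},
    }


# Constructed sample set: one alert for host-a, one plain event for host-b,
# one document with no event.kind at all.
SAMPLE_DOCS: List[Dict[str, Any]] = [
    {"event": {"kind": "signal"}, "host": {"name": "host-a"}, "user": {"name": "alice"}},
    {"event": {"kind": "event"}, "host": {"name": "host-b"}, "user": {"name": "alice"}},
    {"host": {"name": "host-c"}},
]

if __name__ == "__main__":
    # Reproduces the screenshot: the only matching document is the alert itself.
    print(prevalence_counts(SAMPLE_DOCS, "host.name", "host-a"))
```

Highlighting `host.name: host-a` yields alert count 1 and document count 0, which is exactly the display the reporter found misleading; `user.name: alice` shows both counters populated.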

elasticmachine commented 1 year ago

Pinging @elastic/security-solution (Team: SecuritySolution)

elasticmachine commented 1 year ago

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

PhilippeOberti commented 11 months ago

@MadameSheema these tooltips were added (and we checked with docs for the wording). Is that sufficient to close this ticket in your opinion?

https://github.com/elastic/kibana/assets/17276605/1e6921a0-7eab-41a6-a1b3-e852c2bfc63a

MadameSheema commented 11 months ago

Yes!